Web SSO with Cloud Resources using AD Federation Services


1 Web SSO with Cloud Resources using AD Federation Services
Dean Flanders and Roger Schmidt, FMI / SystemsX
Federated Identity Management Workshop, EGI Community Forum 2013
April 11th, 2013 in Manchester
MCSE joke.

2 Overview
- Short introduction of SystemsX
- Goal
- Current situation
- Three ADFS test cases
- Tool for self-federation
- Azure Active Directory
- Summary

3 Mission
«SystemsX.ch is determined to become a world-leading initiative in quantitative Systems Biology.»
SystemsX.ch is open to any Swiss university or research institution.

4

5 Some Numbers and Facts
- 1000 scientists
- 200 research groups
- 11 universities and research institutes
- Work together inter-disciplinarily

6 Problem Description
Goal: Increase sharing of resources, inter-institutional collaboration, inter-disciplinary collaboration, international collaboration, as well as academic and industry cooperation.
Problem: Lack of FIM is seriously impairing research and is a critical problem.
Solution: Robust inter-institutional self-federation approach where all users and institutions can easily participate.

7 Is this the solution?

8 Or this?

9 Solved problem?

10 A model for Europe?

11 Typical Architecture
[Diagram labels: Service Providers; Identity Providers; Azure, Umbrella, SWITCHaai, InCommon; Application 1, Application 2, Application 3; Fed Service; Central Fed Service («Broker»); Token; Additional Attributes; Claim Rules Engine; Trusts: SAML 2.0, WS-Security, OAuth etc.]

12 Example 1: Federation with Qmarkets
Custom implementations:
- Specific SAML 2.0 attributes
- Query SQL DB
Manual configurations for SAML 2.0 endpoint!
- URLs
- Bindings
- etc.
[Diagram labels: SimpleSAMLphp; ADFS (IdP); Qmarkets (SP); Claim Rules Engine; Additional Attribute Store]
Custom claim type:

13 Example 2: Integration with Umbrella
Custom implementations:
- SAML attribute queries
- Virtual groups, REST API
- Account linking
[Diagram label: Shibboleth]

14 Example 3: Federation with ETH-Z over Azure ACS
[Diagram labels: ADFS (IdP); Azure ACS; ADFS (IdP); Claim Rules Engine; Webapp (SP); Windows Identity Foundation]

15 Self-federation Portal (a hybrid approach)

16 Self-federation Tool

17 Azure Active Directory
Azure AD is relatively mature but only recently rolled out.
- Identity as a service
- Consolidate identity management across cloud apps
- Connect to directory from any platform, any device
- Connect with people from web identity providers and other organizations
[Diagram labels: Azure AD; ISV App; Other MSFT Apps; Your Custom IT App; Office 365]

18 Azure AD Options
- No Integration
- Directory Data Only
- Directory and Single sign-on (SSO)
[Diagram labels: Windows Azure Active Directory; Exchange Online; SharePoint Online; Lync Online; InTune; Identity Services; Authentication platform; Provisioning platform; Directory Store; Admin Portal/PowerShell; Trust; IdP; Contoso customer premises; Active Directory Federation Server 2.0; AD; MS Online Directory Sync]

19 Summary
- We feel that the self-federation concept is vital to an all-inclusive federation necessary for research and potentially avoids many of these long discussions.
- Technically all components are available for making FIM a commodity item.
- A trusted platform such as Azure offers a valuable low-cost federation backbone.
- Federation should be fully under the control of the institution and attribute management under the management of the user.
- Next step is to make a fully functional version with Azure AD with multiple organizations, and we are happy to collaborate with others on this.

